diff options
Diffstat (limited to 'src/server-tls-manager.c')
-rw-r--r-- | src/server-tls-manager.c | 69 |
1 files changed, 67 insertions, 2 deletions
diff --git a/src/server-tls-manager.c b/src/server-tls-manager.c index dd07c9e6a..62ab8865f 100644 --- a/src/server-tls-manager.c +++ b/src/server-tls-manager.c @@ -204,6 +204,69 @@ tls_certificate_rejected_cb (GabbleTLSCertificate *certificate, } static void +extend_string_ptr_array (GPtrArray *array, + GStrv new_elements) +{ + gint i; + + if (new_elements != NULL) + { + for (i = 0; new_elements[i] != NULL; i++) + { + if (!tp_str_empty (new_elements[i])) + g_ptr_array_add (array, g_strdup (new_elements[i])); + } + } +} + +static void +fill_reference_identities (GabbleServerTLSManager *self, + const gchar *peername, + GStrv original_extra_identities) +{ + GPtrArray *identities; + gchar *connect_server = NULL; + gchar *explicit_server = NULL; + GStrv extra_certificate_identities = NULL; + + g_return_if_fail (self->priv->reference_identities == NULL); + + g_object_get (self->priv->connection, + "connect-server", &connect_server, + "explicit-server", &explicit_server, + "extra-certificate-identities", &extra_certificate_identities, + NULL); + + identities = g_ptr_array_new (); + + /* The peer name, i.e, the domain part of the JID */ + g_ptr_array_add (identities, g_strdup (peername)); + + /* The extra identities that the caller of verify_async() passed */ + extend_string_ptr_array (identities, original_extra_identities); + + /* The explicitly overridden server (if in use) */ + if (!tp_str_empty (explicit_server) && + !tp_strdiff (connect_server, explicit_server)) + { + g_ptr_array_add (identities, g_strdup (explicit_server)); + } + + /* Extra identities added to the account as a result of user choices */ + extend_string_ptr_array (identities, extra_certificate_identities); + + /* Null terminate, since this is a gchar** */ + g_ptr_array_add (identities, NULL); + + self->priv->reference_identities = (GStrv) g_ptr_array_free (identities, + FALSE); + + g_strfreev (extra_certificate_identities); + g_free (explicit_server); + g_free (connect_server); +} + +static void gabble_server_tls_manager_verify_async (WockyTLSHandler *handler, WockyTLSSession *tls_session, const gchar *peername, @@ -235,6 +298,8 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler, return; } + fill_reference_identities (self, peername, extra_identities); + if (!self->priv->interactive_tls) { DEBUG ("ignore-ssl-errors is set, fallback to non-interactive " @@ -245,7 +310,7 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler, WOCKY_TLS_HANDLER_CLASS (gabble_server_tls_manager_parent_class)->verify_async_func ( WOCKY_TLS_HANDLER (self), tls_session, peername, - extra_identities, callback, user_data); + self->priv->reference_identities, callback, user_data); return; } @@ -253,7 +318,6 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler, self->priv->async_result = result; self->priv->tls_session = g_object_ref (tls_session); self->priv->peername = g_strdup (peername); - self->priv->reference_identities = g_strdupv (extra_identities); self->priv->async_callback = callback; self->priv->async_data = user_data; @@ -261,6 +325,7 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler, "connection", self->priv->connection, "tls-session", tls_session, "hostname", peername, + "reference-identities", self->priv->reference_identities, NULL); g_signal_connect (self->priv->channel, "closed", |