return TRUE;
}
-
-static gsize
-get_exported_size (gnutls_x509_crt_t cert)
-{
- gsize retval = 2;
- guchar fake[2] = { 0, 0 };
-
- /* fake an export so we get the size to allocate */
- gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM,
- fake, &retval);
-
- DEBUG ("Should allocate %lu bytes", (gulong) retval);
-
- return retval + 1;
-}
-
-void
-empathy_tls_certificate_store_ca (EmpathyTLSCertificate *self)
-{
- GArray *last_cert;
- gnutls_x509_crt_t cert;
- gnutls_datum_t datum = { NULL, 0 };
- gsize exported_len;
- guchar *exported_cert = NULL;
- gint res, offset;
- gchar *user_certs_dir = NULL, *filename = NULL, *path = NULL;
- gchar *hostname = NULL;
- GError *error = NULL;
- EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
-
- last_cert = g_ptr_array_index (priv->cert_data, priv->cert_data->len - 1);
- datum.data = (guchar *) last_cert->data;
- datum.size = last_cert->len;
-
- gnutls_x509_crt_init (&cert);
- gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER);
-
- /* make sure it's self-signed, otherwise it's not a CA */
- if (gnutls_x509_crt_check_issuer (cert, cert) <= 0)
- {
- DEBUG ("Can't import the CA, as it's not self-signed");
- gnutls_x509_crt_deinit (cert);
-
- return;
- }
-
- if (gnutls_x509_crt_get_ca_status (cert, NULL) <= 0)
- {
- DEBUG ("Can't import the CA, it's not a valid CA certificate");
- gnutls_x509_crt_deinit (cert);
-
- goto out;
- }
-
- exported_len = get_exported_size (cert);
- exported_cert = g_malloc (sizeof (guchar) * exported_len);
-
- res = gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM,
- exported_cert, &exported_len);
-
- if (res < 0)
- {
- DEBUG ("Failed to export the CA certificate; GnuTLS returned %d,"
- "and should be %lu bytes long", res, (gulong) exported_len);
- gnutls_x509_crt_deinit (cert);
-
- goto out;
- }
-
- hostname = empathy_get_x509_certificate_hostname (cert);
-
- if (hostname == NULL)
- hostname = g_strdup ("ca");
-
- gnutls_x509_crt_deinit (cert);
-
- /* write the file */
- user_certs_dir = g_build_filename (g_get_user_config_dir (),
- "telepathy", "certs", NULL);
-
- res = g_mkdir_with_parents (user_certs_dir, S_IRWXU | S_IRWXG);
-
- if (res < 0)
- {
- DEBUG ("Failed to create the user certificate directory: %s",
- g_strerror (errno));
-
- goto out;
- }
-
- offset = 0;
-
- do
- {
- g_free (path);
-
- if (offset == 0)
- filename = g_strdup_printf ("cert-%s", hostname);
- else
- filename = g_strdup_printf ("cert-%s-%d", hostname, offset);
-
- path = g_build_filename (user_certs_dir, filename, NULL);
-
- offset++;
- g_free (filename);
- }
- while (g_file_test (path, G_FILE_TEST_EXISTS));
-
- DEBUG ("Will save to %s", path);
-
- g_file_set_contents (path, (const gchar *) exported_cert, exported_len,
- &error);
-
- if (error != NULL)
- {
- DEBUG ("Can't save the CA certificate to %s: %s",
- path, error->message);
-
- g_error_free (error);
- }
-
- out:
- g_free (path);
- g_free (exported_cert);
- g_free (user_certs_dir);
- g_free (hostname);
-}
return TRUE;
}
+
+void
+empathy_tls_verifier_store_exception (EmpathyTLSVerifier *self)
+{
+ GArray *last_cert;
+ GcrCertificate *cert;
+ GPtrArray *certs;
+ GError *error = NULL;
+ EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
+
+ g_object_get (priv->certificate, "cert-data", &certs, NULL);
+ last_cert = g_ptr_array_index (certs, certs->len - 1);
+ cert = gcr_simple_certificate_new_static ((gpointer)last_cert->data,
+ last_cert->len);
+
+ if (!gcr_trust_add_certificate_exception (cert, GCR_PURPOSE_CLIENT_AUTH,
+ priv->hostname, NULL, &error))
+ DEBUG ("Can't store the certificate exeption: %s", error->message);
+
+ g_object_unref (cert);
+}
GHashTable *details = NULL;
EmpathyTLSDialog *tls_dialog = EMPATHY_TLS_DIALOG (dialog);
gboolean remember = FALSE;
+ EmpathyTLSVerifier *verifier = EMPATHY_TLS_VERIFIER (user_data);
DEBUG ("Response %d", response_id);
}
if (remember)
- empathy_tls_certificate_store_ca (certificate);
+ empathy_tls_verifier_store_exception (verifier);
g_object_unref (certificate);
g_hash_table_unref (details);
static void
display_interactive_dialog (EmpathyTLSCertificate *certificate,
+ EmpathyTLSVerifier *verifier,
EmpTLSCertificateRejectReason reason,
GHashTable *details)
{
stop_timer ();
tls_dialog = empathy_tls_dialog_new (certificate, reason, details);
- g_signal_connect (tls_dialog, "response",
- G_CALLBACK (tls_dialog_response_cb), NULL);
+ g_signal_connect_data (tls_dialog, "response",
+ G_CALLBACK (tls_dialog_response_cb), g_object_ref (verifier),
+ (GClosureNotify)g_object_unref, 0);
gtk_widget_show (tls_dialog);
}
GError *error = NULL;
EmpathyTLSCertificate *certificate = NULL;
GHashTable *details = NULL;
+ gchar *hostname = NULL;
g_object_get (source,
"certificate", &certificate,
if (error != NULL)
{
DEBUG ("Error: %s", error->message);
- display_interactive_dialog (certificate, reason, details);
+ display_interactive_dialog (certificate, EMPATHY_TLS_VERIFIER (source),
+ reason, details);
g_error_free (error);
}
empathy_tls_certificate_accept_async (certificate, NULL, NULL);
}
+ g_free (hostname);
g_object_unref (certificate);
}
projects / empathy.git / commitdiff