Don't ignore the CA certificate if it's the only one in the chain

author Cosimo Cecchi <cosimoc@gnome.org>

Mon, 4 Oct 2010 09:13:22 +0000 (11:13 +0200)

committer Cosimo Cecchi <cosimoc@gnome.org>

Mon, 4 Oct 2010 09:23:20 +0000 (11:23 +0200)
author Cosimo Cecchi <cosimoc@gnome.org>
Mon, 4 Oct 2010 09:13:22 +0000 (11:13 +0200)
committer Cosimo Cecchi <cosimoc@gnome.org>
Mon, 4 Oct 2010 09:23:20 +0000 (11:23 +0200)
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c

index 517ae9e5b4551fc338138e13920121c909e5ef84..13727db17fa6b1672664f722188229dc36197676 100644 (file)
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -260,10 +260,13 @@ real_start_verification (EmpathyTLSVerifier *self)
        /* if the last certificate is self-signed, and we have a list of
         * trusted CAs, ignore it, as we want to check the chain against our
         * trusted CAs list first.
+       * if we have only one certificate in the chain, don't ignore it though,
+       * as it's the CA certificate itself.
         */
        last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1);
  
-      if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)
+      if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0 &&
+          num_certs > 1)
          num_certs--;
      }
author	Cosimo Cecchi <cosimoc@gnome.org>
	Mon, 4 Oct 2010 09:13:22 +0000 (11:13 +0200)
committer	Cosimo Cecchi <cosimoc@gnome.org>
	Mon, 4 Oct 2010 09:23:20 +0000 (11:23 +0200)