author | Cosimo Cecchi <cosimoc@gnome.org> | 2010-10-04 17:13:22 +0800 |
---|---|---|
committer | Cosimo Cecchi <cosimoc@gnome.org> | 2010-10-04 17:23:20 +0800 |
commit | a63cc377a55674f8b9ff5870e1d5db211c43049a (patch) | |
tree | 5c39842785e48eb9c2daae1c065c9e6357c15e97 | |
parent | ae556603dd7e354ba17657bee405f20d4d84c902 (diff) | |
Don't ignore the CA certificate if it's the only one in the chain
This avoids auth-client crashes for servers which provide only a
self-signed CA as TLS certificate on connect (#631095).
-rw-r--r-- | libempathy/empathy-tls-verifier.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index 517ae9e5b..13727db17 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -260,10 +260,13 @@ real_start_verification (EmpathyTLSVerifier *self)
 /* if the last certificate is self-signed, and we have a list of
 * trusted CAs, ignore it, as we want to check the chain against our
 * trusted CAs list first.
+ * if we have only one certificate in the chain, don't ignore it though,
+ * as it's the CA certificate itself.
 */
 last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1);
- if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)
+ if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0 &&
+ num_certs > 1)
 num_certs--;
 } |
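Review bot: The lookup `g_ptr_array_index (priv->cert_chain, num_certs - 1)` just above the changed condition has no visible guard for an empty chain. The new `num_certs > 1` test handles a single-certificate chain, but with zero certificates `num_certs - 1` would index outside the array. The chain is supplied by the remote server, so unless a check already exists outside this hunk (the enclosing block of real_start_verification starts before it), add one before the lookup that fails verification, e.g. `if (num_certs == 0)` followed by the function's existing error path. As a smaller point, writing the condition as `if (num_certs > 1 && gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)` would skip the issuer check when its result cannot matter.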