aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCosimo Cecchi <cosimoc@gnome.org>2010-10-04 17:13:22 +0800
committerCosimo Cecchi <cosimoc@gnome.org>2010-10-04 17:23:20 +0800
commita63cc377a55674f8b9ff5870e1d5db211c43049a (patch)
tree5c39842785e48eb9c2daae1c065c9e6357c15e97
parentae556603dd7e354ba17657bee405f20d4d84c902 (diff)
downloadgsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.tar
gsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.tar.gz
gsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.tar.bz2
gsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.tar.lz
gsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.tar.xz
gsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.tar.zst
gsoc2013-empathy-a63cc377a55674f8b9ff5870e1d5db211c43049a.zip
Don't ignore the CA certificate if it's the only one in the chain
This avoids auth-client crashes for servers which provide only a self-signed CA as TLS certificate on connect (#631095).
-rw-r--r--libempathy/empathy-tls-verifier.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index 517ae9e5b..13727db17 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -260,10 +260,13 @@ real_start_verification (EmpathyTLSVerifier *self)
/* if the last certificate is self-signed, and we have a list of
* trusted CAs, ignore it, as we want to check the chain against our
* trusted CAs list first.
+ * if we have only one certificate in the chain, don't ignore it though,
+ * as it's the CA certificate itself.
*/
last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1);
- if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)
+ if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0 &&
+ num_certs > 1)
num_certs--;
}