aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCosimo Cecchi <cosimoc@gnome.org>2010-10-04 17:13:22 +0800
committerCosimo Cecchi <cosimoc@gnome.org>2010-10-04 17:22:47 +0800
commit6c7d6ae27283e2a54b97198baedfe9c26b812b46 (patch)
tree2753434c52abb745f248cb25b1bc69f880d0f757
parentf060ca8527d66c601d624394f4d46c037c713f34 (diff)
downloadgsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.tar
gsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.tar.gz
gsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.tar.bz2
gsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.tar.lz
gsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.tar.xz
gsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.tar.zst
gsoc2013-empathy-6c7d6ae27283e2a54b97198baedfe9c26b812b46.zip
Don't ignore the CA certificate if it's the only one in the chain
This avoids auth-client crashes for servers which provide only a self-signed CA as TLS certificate on connect (#631095).
-rw-r--r--libempathy/empathy-tls-verifier.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index 517ae9e5b..13727db17 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -260,10 +260,13 @@ real_start_verification (EmpathyTLSVerifier *self)
/* if the last certificate is self-signed, and we have a list of
* trusted CAs, ignore it, as we want to check the chain against our
* trusted CAs list first.
+ * if we have only one certificate in the chain, don't ignore it though,
+ * as it's the CA certificate itself.
*/
last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1);
- if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)
+ if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0 &&
+ num_certs > 1)
num_certs--;
}