authorCosimo Cecchi <cosimoc@gnome.org>2010-10-04 17:13:22 +0800
committerCosimo Cecchi <cosimoc@gnome.org>2010-10-04 17:22:47 +0800
commit6c7d6ae27283e2a54b97198baedfe9c26b812b46 (patch)
tree2753434c52abb745f248cb25b1bc69f880d0f757 /libempathy
parentf060ca8527d66c601d624394f4d46c037c713f34 (diff)
Don't ignore the CA certificate if it's the only one in the chain
This avoids auth-client crashes for servers which provide only a self-signed CA as TLS certificate on connect (#631095).
Diffstat (limited to 'libempathy')
-rw-r--r--libempathy/empathy-tls-verifier.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index 517ae9e5b..13727db17 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -260,10 +260,13 @@ real_start_verification (EmpathyTLSVerifier *self)
/* if the last certificate is self-signed, and we have a list of
* trusted CAs, ignore it, as we want to check the chain against our
* trusted CAs list first.
+ * if we have only one certificate in the chain, don't ignore it though,
+ * as it's the CA certificate itself.
*/
last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1);
- if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)
+ if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0 &&
+ num_certs > 1)
num_certs--;
}
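Review bot: The added comment at the `num_certs > 1` condition says a lone certificate "is the CA certificate itself", but that is only what the server-supplied data claims. `gnutls_x509_crt_check_issuer (last_cert, last_cert)` matches the certificate's issuer fields against its own subject and does not establish trust. Keeping the certificate in the chain is reasonable for avoiding the crash, provided the verification that follows (outside this hunk) still rejects it unless it matches an entry in the trusted CA list. I would word the comment as `* a lone self-issued certificate is kept so it is still verified against the trusted CAs; it is not trusted by itself.` Separately, `num_certs - 1` is used as an index before this condition and no guard for an empty chain is visible here; real_start_verification starts and ends outside the hunk, so confirm that one exists earlier.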