Use ServerTLSConnection.ReferenceIdentities to check cert identity.

The certificate identity can be checked against more than just
one piece of information. Load and use all the reference identities
to check the identity of the certificate.

https://bugzilla.gnome.org/show_bug.cgi?id=645119

1 files changed, 5 insertions, 1 deletions

diff --git a/src/empathy-auth-client.c b/src/empathy-auth-client.c
index 907c349ac..2a1e42525 100644
--- a/src/empathy-auth-client.c
+++ b/src/empathy-auth-client.c
@@ -191,6 +191,7 @@ auth_factory_new_tls_handler_cb (EmpathyAuthFactory *factory,
 {
   EmpathyTLSCertificate *certificate = NULL;
   gchar *hostname = NULL;
+  gchar **reference_identities = NULL;
   EmpathyTLSVerifier *verifier;
 
   DEBUG ("New TLS server handler received from the factory");
@@ -198,15 +199,18 @@ auth_factory_new_tls_handler_cb (EmpathyAuthFactory *factory,
   g_object_get (handler,
       "certificate", &certificate,
       "hostname", &hostname,
+      "reference-identities", &reference_identities,
       NULL);
 
-  verifier = empathy_tls_verifier_new (certificate, hostname);
+  verifier = empathy_tls_verifier_new (certificate, hostname,
+      (const gchar **) reference_identities);
   empathy_tls_verifier_verify_async (verifier,
       verifier_verify_cb, NULL);
 
   g_object_unref (verifier);
   g_object_unref (certificate);
   g_free (hostname);
+  g_strfreev (reference_identities);
 }
 
 static void