aboutsummaryrefslogtreecommitdiffstats
path: root/libempathy/empathy-tls-verifier.c
diff options
context:
space:
mode:
Diffstat (limited to 'libempathy/empathy-tls-verifier.c')
-rw-r--r--libempathy/empathy-tls-verifier.c31
1 files changed, 29 insertions, 2 deletions
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index ef2d5e199..2f33afad2 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -152,7 +152,7 @@ build_certificate_list_for_gnutls (GcrCertificateChain *chain,
*n_list = length;
/* See if we have an anchor */
- if (gcr_certificate_chain_get_chain_type (chain) ==
+ if (gcr_certificate_chain_get_status (chain) ==
GCR_CERTIFICATE_CHAIN_ANCHORED)
{
cert = gcr_certificate_chain_get_anchor (chain);
@@ -211,6 +211,32 @@ abort_verification (EmpathyTLSVerifier *self,
}
static void
+debug_certificate_chain (GcrCertificateChain *chain)
+{
+ GEnumClass *enum_class;
+ GEnumValue *enum_value;
+ gint idx, length;
+ GcrCertificate *cert;
+ gchar *subject;
+
+ enum_class = G_ENUM_CLASS
+ (g_type_class_peek (GCR_TYPE_CERTIFICATE_CHAIN_STATUS));
+ enum_value = g_enum_get_value (enum_class,
+ gcr_certificate_chain_get_status (chain));
+ length = gcr_certificate_chain_get_length (chain);
+ DEBUG ("Certificate chain: length %u status %s",
+ length, enum_value ? enum_value->value_nick : "XXX");
+
+ for (idx = 0; idx < length; ++idx)
+ {
+ cert = gcr_certificate_chain_get_certificate (chain, idx);
+ subject = gcr_certificate_get_subject_dn (cert);
+ DEBUG (" Certificate: %s", subject);
+ g_free (subject);
+ }
+}
+
+static void
perform_verification (EmpathyTLSVerifier *self, GcrCertificateChain *chain)
{
gboolean ret = FALSE;
@@ -223,12 +249,13 @@ perform_verification (EmpathyTLSVerifier *self, GcrCertificateChain *chain)
EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
DEBUG ("Performing verification");
+ debug_certificate_chain (chain);
/*
* If the first certificate is an pinned certificate then we completely
* ignore the rest of the verification process.
*/
- if (gcr_certificate_chain_get_chain_type (chain) == GCR_CERTIFICATE_CHAIN_PINNED)
+ if (gcr_certificate_chain_get_status (chain) == GCR_CERTIFICATE_CHAIN_PINNED)
{
DEBUG ("Found pinned certificate for %s", priv->hostname);
complete_verification (self);