Commit dc0b0e99 authored by Yann Leboulanger's avatar Yann Leboulanger

check ssl certificate against hostname only if we use secured connection. Fixes #7071

parent c7dbcb30
...@@ -1315,24 +1315,22 @@ class Connection(CommonConnection, ConnectionHandlers): ...@@ -1315,24 +1315,22 @@ class Connection(CommonConnection, ConnectionHandlers):
else: else:
gajim.config.set_per('accounts', self.name, gajim.config.set_per('accounts', self.name,
'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1) 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)
if not check_X509.check_certificate(con.Connection.ssl_certificate, if not check_X509.check_certificate(con.Connection.ssl_certificate,
hostname) and '100' not in gajim.config.get_per('accounts', self.name, hostname) and '100' not in gajim.config.get_per('accounts',
'ignore_ssl_errors').split(): self.name, 'ignore_ssl_errors').split():
txt = _('The authenticity of the %s certificate could be invalid.' txt = _('The authenticity of the %s certificate could be '
'\nThe certificate does not cover this domain.') % hostname 'invalid.\nThe certificate does not cover this domain.') % \
gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, hostname
error_text=txt, error_num=100, cert=con.Connection.ssl_cert_pem, gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
fingerprint=con.Connection.ssl_fingerprint_sha1, error_text=txt, error_num=100,
certificate=con.Connection.ssl_certificate)) cert=con.Connection.ssl_cert_pem,
return True fingerprint=con.Connection.ssl_fingerprint_sha1,
certificate=con.Connection.ssl_certificate))
return True
self._register_handlers(con, con_type) self._register_handlers(con, con_type)
con.auth( con.auth(user=name, password=self.password,
user=name, resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
password=self.password,
resource=self.server_resource,
sasl=1,
on_auth=self.__on_auth)
def ssl_certificate_accepted(self): def ssl_certificate_accepted(self):
if not self.connection: if not self.connection:
......
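Review bot: The `set_per('accounts', self.name, 'ssl_fingerprint_sha1', ...)` call in the `else:` branch runs before `check_X509.check_certificate(...)`, so the fingerprint of a certificate that does not cover `hostname` is saved to the account config even if the user then rejects the error-100 prompt. If that stored value is later used to recognise an already-trusted certificate (not visible in this hunk), it would be safer to save it only after the hostname check passes, or from `ssl_certificate_accepted`. The `'100' not in ... 'ignore_ssl_errors'` lookup is keyed by account name alone, so it would help to add a comment such as `# 100 = hostname mismatch; this ignore list is keyed by account, not by certificate`. The enclosing method starts above the hunk and the page has lost indentation, so the condition that now gates this check cannot be confirmed from here.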