update die to nbxmpp update

d335c2c6 · Yann Leboulanger · 97cc738d · d335c2c6 · d335c2c6 · d335c2c6
Commit d335c2c6 authored Dec 06, 2013 by Yann Leboulanger
Showing with 51 additions and 38 deletions

src/common/connection.py src/common/connection.py +33 -30

src/common/connection_handlers_events.py src/common/connection_handlers_events.py +7 -8

src/common/gajim.py src/common/gajim.py +11 -0

No files found.
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -61,6 +61,9 @@
 from common import check_X509
 from connection_handlers import *

+if gajim.HAVE_PYOPENSSL:
+    import OpenSSL.crypto
+
 from nbxmpp import Smacks
 from string import Template
 import logging
@@ -1382,49 +1385,49 @@ def connection_accepted(self, con, con_type):
        try:
            errnum = con.Connection.ssl_errnum
        except AttributeError:
-            errnum = [] # we don't have an errnum
-        for i, er in enumerate(errnum):
-            if er > 0 and str(er) not in gajim.config.get_per('accounts',
-            self.name, 'ignore_ssl_errors').split():
-                text = _('The authenticity of the %s certificate could be '
-                    'invalid.') % hostname
-                if er in ssl_error:
-                    text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]
-                else:
-                    text += _('\nUnknown SSL error: %d') % er
-                gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-                    error_text=text, error_num=er,
-                    cert=con.Connection.ssl_cert_pem[i],
-                    fingerprint=con.Connection.ssl_fingerprint_sha1[i],
-                    certificate=con.Connection.ssl_certificate[i]))
-                return True
-        if con.Connection.ssl_fingerprint_sha1:
+            errnum = 0
+        cert = con.Connection.ssl_certificate
+        if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts',
+        self.name, 'ignore_ssl_errors').split():
+            text = _('The authenticity of the %s certificate could be invlid') \
+                % hostname
+            if errnum in ssl_error:
+                text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum]
+            else:
+                text += _('\nUnknown SSL error: %d') % errnum
+            fingerprint = cert.digest('sha1')
+            pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
+                cert)
+            gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
+                error_text=text, error_num=errnum, cert=pem,
+                fingerprint=fingerprint, certificate=cert))
+            return True
+        if cert:
+            fingerprint = cert.digest('sha1')
            saved_fingerprint = gajim.config.get_per('accounts', self.name,
                'ssl_fingerprint_sha1')
            if saved_fingerprint:
                # Check sha1 fingerprint
-                if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:
+                if fingerprint != saved_fingerprint:
                    gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self,
-                        certificate=con.Connection.ssl_certificate[-1],
-                        new_fingerprint=con.Connection.ssl_fingerprint_sha1[
-                        -1]))
+                        conn=self, certificate=con.Connection.ssl_certificate,
+                        new_fingerprint=fingerprint))
                    return True
            else:
                gajim.config.set_per('accounts', self.name,
-                    'ssl_fingerprint_sha1',
-                    con.Connection.ssl_fingerprint_sha1[-1])
-            if not check_X509.check_certificate(con.Connection.ssl_certificate[
-            -1], hostname) and '100' not in gajim.config.get_per('accounts',
+                    'ssl_fingerprint_sha1', fingerprint)
+            if not check_X509.check_certificate(con.Connection.ssl_certificate,
+            hostname) and '100' not in gajim.config.get_per('accounts',
            self.name, 'ignore_ssl_errors').split():
+                fingerprint = cert.digest('sha1')
+                pem = OpenSSL.crypto.dump_certificate(
+                    OpenSSL.crypto.FILETYPE_PEM, cert)
                txt = _('The authenticity of the %s certificate could be '
                    'invalid.\nThe certificate does not cover this domain.') % \
                    hostname
                gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-                    error_text=txt, error_num=100,
-                    cert=con.Connection.ssl_cert_pem[-1],
-                    fingerprint=con.Connection.ssl_fingerprint_sha1[-1],
-                    certificate=con.Connection.ssl_certificate[-1]))
+                    error_text=txt, error_num=100, cert=pem,
+                    fingerprint=fingerprint, certificate=cert))
                return True

        self._register_handlers(con, con_type)

--- a/src/common/connection_handlers_events.py
+++ b/src/common/connection_handlers_events.py
@@ -1626,20 +1626,19 @@ def generate(self):
        try:
            self.errnum = self.conn.connection.Connection.ssl_errnum
        except AttributeError:
-            self.errnum = [] # we don't have an errnum
+            self.errnum = 0 # we don't have an errnum
        self.ssl_msg = ''
-        for er in self.errnum:
-            if er > 0:
-                from common.connection import ssl_error
-                self.ssl_msg = ssl_error.get(er, _('Unknown SSL error: %d') % \
-                    er)
+        if self.errnum > 0:
+            from common.connection import ssl_error
+            self.ssl_msg = ssl_error.get(er, _('Unknown SSL error: %d') % \
+                self.errnum)
        self.ssl_cert = ''
        if len(self.conn.connection.Connection.ssl_cert_pem):
            self.ssl_cert = self.conn.connection.Connection.ssl_cert_pem
        self.ssl_fingerprint = ''
-        if len(self.conn.connection.Connection.ssl_fingerprint_sha1):
+        if self.conn.connection.Connection.ssl_certificate:
            self.ssl_fingerprint = \
-                self.conn.connection.Connection.ssl_fingerprint_sha1
+                self.conn.connection.Connection.ssl_certificate.digest('sha1')
        return True

 class NewAccountNotConnectedEvent(nec.NetworkIncomingEvent):

--- a/src/common/gajim.py
+++ b/src/common/gajim.py
@@ -172,6 +172,17 @@
    if subprocess.call(gpg_cmd, shell=True):
        HAVE_GPG = False

+HAVE_PYOPENSSL = True
+try:
+    import OpenSSL.SSL
+    import OpenSSL.crypto
+    ver = OpenSSL.__version__
+    ver_l = [int(i) for i in ver.split('.')]
+    if ver_l < [0, 12]:
+        raise ImportError
+except Exception:
+    HAVE_PYOPENSSL = False
+
 HAVE_FARSTREAM = True
 try:
    farstream = __import__('farstream')