fix: Client: Don’t override modified certification errors

When cert errors where detected the certificate-set signal did overwrite the certficition errors which were already modified by accept_certificate() This simplifies the code and removes the certificate-set signal

fix: Client: Don’t override modified certification errors
When cert errors where detected the certificate-set signal did overwrite the certficition errors which were already modified by accept_certificate() This simplifies the code and removes the certificate-set signal
3ca9eeb3 · Philipp Hörist · 0c7a090e · 3ca9eeb3 · 3ca9eeb3 · 3ca9eeb3
Commit 3ca9eeb3 authored Oct 16, 2022 by Philipp Hörist
--- a/nbxmpp/client.py
+++ b/nbxmpp/client.py
@@ -232,6 +232,8 @@ class Client(Observable):

    @property
    def peer_certificate(self):
+        if self._con is not None:
+            return self._con.peer_certificate
        return self._peer_certificate, self._peer_certificate_errors

    @property
@@ -360,6 +362,8 @@ class Client(Observable):
            return

        self.state = StreamState.CONNECTING
+        self._peer_certificate = None
+        self._peer_certificate_errors = None
        self._reset_error()

        self._con = self._get_connection(self._log_context,
@@ -375,7 +379,6 @@ class Client(Observable):
        self._con.subscribe('data-sent', self._on_data_sent)
        self._con.subscribe('data-received', self._on_data_received)
        self._con.subscribe('bad-certificate', self._on_bad_certificate)
-        self._con.subscribe('certificate-set', self._on_certificate_set)
        self._con.connect()

    def _get_connection(self, *args):
@@ -537,12 +540,9 @@ class Client(Observable):
            connection.peer_certificate
        self._set_error(StreamError.BAD_CERTIFICATE, 'bad certificate')

-    def _on_certificate_set(self, connection, _signal_name):
-        self._peer_certificate, self._peer_certificate_errors = \
-            connection.peer_certificate
-
    def accept_certificate(self):
        self._log.info('Certificate accepted')
+        assert self._peer_certificate is not None
        self._accepted_certificates.append(self._peer_certificate)
        self._connect()


--- a/nbxmpp/connection.py
+++ b/nbxmpp/connection.py
@@ -37,7 +37,6 @@ class Connection(Observable):
        data-sent
        data-received
        bad-certificate
-        certificate-set
        connection-failed
        disconnected
    '''

--- a/nbxmpp/tcp.py
+++ b/nbxmpp/tcp.py
@@ -125,11 +125,15 @@ class TCPConnection(Connection):
        return False

    def _on_certificate_set(self, connection, _param):
-        self._peer_certificate = connection.props.peer_certificate
-        self._peer_certificate_errors = convert_tls_error_flags(
-            connection.props.peer_certificate_errors)
+        if self._peer_certificate is None:
+            # If the cert has errors _check_certificate() will set the cert and
+            # _accept_certificate() will modify the error set. If this is the
+            # case _accept_certificate() modifies the errors.
+            self._peer_certificate = connection.props.peer_certificate
+            self._peer_certificate_errors = convert_tls_error_flags(
+                connection.props.peer_certificate_errors)
+
        self._tls_handshake_in_progress = False
-        self.notify('certificate-set')

    def _on_connect_finished(self, client, result, _user_data):
        try:

--- a/nbxmpp/websocket.py
+++ b/nbxmpp/websocket.py
@@ -99,8 +99,6 @@ class WebsocketConnection(Connection):
        self._peer_certificate = certificate
        self._peer_certificate_errors = convert_tls_error_flags(errors)

-        self.notify('certificate-set')
-
        if self._accept_certificate():
            return