Commit 3ca9eeb3 authored by Philipp Hörist's avatar Philipp Hörist
Browse files

fix: Client: Don’t override modified certification errors

When cert errors where detected the certificate-set signal did overwrite
the certficition errors which were already modified by accept_certificate()

This simplifies the code and removes the certificate-set signal
parent 0c7a090e
......@@ -232,6 +232,8 @@ class Client(Observable):
@property
def peer_certificate(self):
if self._con is not None:
return self._con.peer_certificate
return self._peer_certificate, self._peer_certificate_errors
@property
......@@ -360,6 +362,8 @@ class Client(Observable):
return
self.state = StreamState.CONNECTING
self._peer_certificate = None
self._peer_certificate_errors = None
self._reset_error()
self._con = self._get_connection(self._log_context,
......@@ -375,7 +379,6 @@ class Client(Observable):
self._con.subscribe('data-sent', self._on_data_sent)
self._con.subscribe('data-received', self._on_data_received)
self._con.subscribe('bad-certificate', self._on_bad_certificate)
self._con.subscribe('certificate-set', self._on_certificate_set)
self._con.connect()
def _get_connection(self, *args):
......@@ -537,12 +540,9 @@ class Client(Observable):
connection.peer_certificate
self._set_error(StreamError.BAD_CERTIFICATE, 'bad certificate')
def _on_certificate_set(self, connection, _signal_name):
self._peer_certificate, self._peer_certificate_errors = \
connection.peer_certificate
def accept_certificate(self):
self._log.info('Certificate accepted')
assert self._peer_certificate is not None
self._accepted_certificates.append(self._peer_certificate)
self._connect()
......
......@@ -37,7 +37,6 @@ class Connection(Observable):
data-sent
data-received
bad-certificate
certificate-set
connection-failed
disconnected
'''
......
......@@ -125,11 +125,15 @@ class TCPConnection(Connection):
return False
def _on_certificate_set(self, connection, _param):
self._peer_certificate = connection.props.peer_certificate
self._peer_certificate_errors = convert_tls_error_flags(
connection.props.peer_certificate_errors)
if self._peer_certificate is None:
# If the cert has errors _check_certificate() will set the cert and
# _accept_certificate() will modify the error set. If this is the
# case _accept_certificate() modifies the errors.
self._peer_certificate = connection.props.peer_certificate
self._peer_certificate_errors = convert_tls_error_flags(
connection.props.peer_certificate_errors)
self._tls_handshake_in_progress = False
self.notify('certificate-set')
def _on_connect_finished(self, client, result, _user_data):
try:
......
......@@ -99,8 +99,6 @@ class WebsocketConnection(Connection):
self._peer_certificate = certificate
self._peer_certificate_errors = convert_tls_error_flags(errors)
self.notify('certificate-set')
if self._accept_certificate():
return
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment