Skip to content

GitLab

Closed
Created by fedor.brunner@fedor.brunner

Fails to verify SSL certificates

bug description

  1. create an account for a XMPP server with self-signed certificate. The has to be a new certificate which was not used for previous connections.
  2. try to connect to this XMPP server
  3. An confirmation window should be displayed "Error verifying SSL certificate". But this window is not displayed and connection proceeds without warning. This is a bug.

bug analysis

The _ssl_verify_callback is called twice for every certificate in certificate chain: First time with ok=0 and non-zero errnum. Second time then with ok=1 and zero errnum. The changeset 2d6e5d6949e854509c9a145cf97ab0fdf1d8ccce caused that self._owner.ssl_errnum was overwritten twice: first time with non-zero value and second time with zero.

The two calls of callback are correct and documented. See preverify_ok in SSL_CTX_set_verify

fix recommendation

Check the value of ok parameter in _ssl_verify_callback