Fails to verify SSL certificates
bug description
- create an account for an XMPP server with a self-signed certificate. This has to be a new certificate which was not used for previous connections.
- try to connect to this XMPP server
- A confirmation window should be displayed: "Error verifying SSL certificate". But this window is not displayed and the connection proceeds without warning. This is a bug.
bug analysis
The _ssl_verify_callback is called twice for every certificate in the certificate chain: the first time with ok=0 and a non-zero errnum, the second time with ok=1 and a zero errnum. The changeset 2d6e5d6949e854509c9a145cf97ab0fdf1d8ccce caused self._owner.ssl_errnum to be overwritten twice: the first time with a non-zero value and the second time with zero.
The two calls of the callback are correct and documented. See preverify_ok in SSL_CTX_set_verify.
fix recommendation
Check the value of the ok parameter in _ssl_verify_callback.
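
The overwrite described in the analysis, next to a callback that checks ok, as an added illustration that is not the project's code. Owner, the two verifier classes, replay() and must_warn() are hypothetical stand-ins; the callback argument order follows pyOpenSSL's verify callback, and returning True from the callback and keeping the first error seen are assumptions of this sketch.

```python
# Added illustration; Owner and the replay helpers are hypothetical stand-ins.
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18  # OpenSSL's code for a self-signed leaf


class Owner:
    """Stand-in for the object that carries ssl_errnum."""
    def __init__(self):
        self.ssl_errnum = 0


class BuggyVerifier:
    def __init__(self, owner):
        self._owner = owner

    def _ssl_verify_callback(self, conn, cert, errnum, depth, ok):
        # Overwrites on every call, so the later ok=1 call erases the error.
        self._owner.ssl_errnum = errnum
        return True  # assumption: handshake continues, the UI decides later


class FixedVerifier(BuggyVerifier):
    def _ssl_verify_callback(self, conn, cert, errnum, depth, ok):
        # Record only failed pre-verification, and keep the first error seen.
        if not ok and self._owner.ssl_errnum == 0:
            self._owner.ssl_errnum = errnum
        return True


# Constructed call sequence for one self-signed certificate, as described
# in the analysis: (errnum, depth, ok).
SELF_SIGNED_CALLS = [(X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, 0, 0), (0, 0, 1)]


def replay(verifier_cls, calls):
    """Feed the call sequence to a verifier and return the final ssl_errnum."""
    owner = Owner()
    verifier = verifier_cls(owner)
    for errnum, depth, ok in calls:
        verifier._ssl_verify_callback(None, None, errnum, depth, ok)
    return owner.ssl_errnum


def must_warn(verifier_cls, calls):
    """True when the 'Error verifying SSL certificate' window should appear."""
    return replay(verifier_cls, calls) != 0


if __name__ == "__main__":
    print("buggy warns:", must_warn(BuggyVerifier, SELF_SIGNED_CALLS))
    print("fixed warns:", must_warn(FixedVerifier, SELF_SIGNED_CALLS))
```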