gajim: check ssl certificate against hostname only if we use sec...

Fri, 06 Jan 2012 00:48:43 -0800 

changeset fba52fd936cc in /home/hg/repos/gajim

details:http://hg.gajim.org/gajim?cmd=changeset;node=fba52fd936cc
description: check ssl certificate against hostname only if we use secured 
connection. Fixes #7071

diffstat:

 src/common/connection.py |  30 ++++++++++++++----------------
 1 files changed, 14 insertions(+), 16 deletions(-)

diffs (42 lines):

diff -r ab8fe4739898 -r fba52fd936cc src/common/connection.py
--- a/src/common/connection.py  Thu Jan 05 20:09:33 2012 +0100
+++ b/src/common/connection.py  Fri Jan 06 09:45:11 2012 +0100
@@ -1304,24 +1304,22 @@
             else:
                 gajim.config.set_per('accounts', self.name,
                     'ssl_fingerprint_sha1', 
con.Connection.ssl_fingerprint_sha1)
-        if not check_X509.check_certificate(con.Connection.ssl_certificate,
-        hostname) and '100' not in gajim.config.get_per('accounts', self.name,
-        'ignore_ssl_errors').split():
-            txt = _('The authenticity of the %s certificate could be invalid.'
-                '\nThe certificate does not cover this domain.') % hostname
-            gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-                error_text=txt, error_num=100, 
cert=con.Connection.ssl_cert_pem,
-                fingerprint=con.Connection.ssl_fingerprint_sha1,
-                certificate=con.Connection.ssl_certificate))
-            return True
+            if not check_X509.check_certificate(con.Connection.ssl_certificate,
+            hostname) and '100' not in gajim.config.get_per('accounts',
+            self.name, 'ignore_ssl_errors').split():
+                txt = _('The authenticity of the %s certificate could be '
+                    'invalid.\nThe certificate does not cover this domain.') % 
\
+                    hostname
+                gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
+                    error_text=txt, error_num=100,
+                    cert=con.Connection.ssl_cert_pem,
+                    fingerprint=con.Connection.ssl_fingerprint_sha1,
+                    certificate=con.Connection.ssl_certificate))
+                return True
 
         self._register_handlers(con, con_type)
-        con.auth(
-                user=name,
-                password=self.password,
-                resource=self.server_resource,
-                sasl=1,
-                on_auth=self.__on_auth)
+        con.auth(user=name, password=self.password,
+            resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
 
     def ssl_certificate_accepted(self):
         if not self.connection:
_______________________________________________
Commits mailing list
[email protected]
http://lists.gajim.org/cgi-bin/listinfo/commits

Reply via email to