diff options
author | fiaxh <git@lightrise.org> | 2020-12-31 19:00:54 +0100 |
---|---|---|
committer | fiaxh <git@lightrise.org> | 2020-12-31 19:04:02 +0100 |
commit | 81a55052707d460a7f437b664682817c2c99dce6 (patch) | |
tree | 0d2b184a98d5a62d47beb2a4a09a13a4ea6e12a4 /xmpp-vala/src/core/direct_tls_xmpp_stream.vala | |
parent | 99e98ac8d97296b0a34351d3bc8b155b0c8fc6db (diff) | |
download | dino-81a55052707d460a7f437b664682817c2c99dce6.tar.gz dino-81a55052707d460a7f437b664682817c2c99dce6.zip |
Allow certificates from unknown CAs from .onion domains
It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently though TOR.
see #958
Diffstat (limited to 'xmpp-vala/src/core/direct_tls_xmpp_stream.vala')
-rw-r--r-- | xmpp-vala/src/core/direct_tls_xmpp_stream.vala | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala index 1d2f7339..1c262598 100644 --- a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala +++ b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala @@ -2,11 +2,13 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream { string host; uint16 port; + TlsXmppStream.OnInvalidCert on_invalid_cert_outer; - public DirectTlsXmppStream(Jid remote, string host, uint16 port) { - this.remote_name = remote; + public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, TlsXmppStream.OnInvalidCert on_invalid_cert) { + base(remote_name); this.host = host; this.port = port; + this.on_invalid_cert_outer = on_invalid_cert; } public override async void connect() throws IOStreamError { @@ -15,10 +17,11 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream { debug("Connecting to %s %i (tls)", host, port); IOStream? io_stream = yield client.connect_to_host_async(host, port); TlsConnection tls_connection = TlsClientConnection.new(io_stream, new NetworkAddress(remote_name.to_string(), port)); - #if ALPN_SUPPORT +#if ALPN_SUPPORT tls_connection.set_advertised_protocols(new string[]{"xmpp-client"}); - #endif +#endif tls_connection.accept_certificate.connect(on_invalid_certificate); + tls_connection.accept_certificate.connect(on_invalid_cert_outer); reset_stream(tls_connection); yield setup(); |