Allow certificates from unknown CAs from .onion domains

It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently though TOR.

see #958

1 files changed, 5 insertions, 2 deletions

diff --git a/xmpp-vala/src/core/starttls_xmpp_stream.vala b/xmpp-vala/src/core/starttls_xmpp_stream.vala
index 3df0dffb..401d7295 100644
--- a/xmpp-vala/src/core/starttls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/starttls_xmpp_stream.vala
@@ -4,11 +4,13 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
 
     string host;
     uint16 port;
+    TlsXmppStream.OnInvalidCert on_invalid_cert_outer;
 
-    public StartTlsXmppStream(Jid remote, string host, uint16 port) {
-        this.remote_name = remote;
+    public StartTlsXmppStream(Jid remote, string host, uint16 port, TlsXmppStream.OnInvalidCert on_invalid_cert) {
+        base(remote);
         this.host = host;
         this.port = port;
+        this.on_invalid_cert_outer = on_invalid_cert;
     }
 
     public override async void connect() throws IOStreamError {
@@ -40,6 +42,7 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
                 reset_stream(conn);
 
                 conn.accept_certificate.connect(on_invalid_certificate);
+                conn.accept_certificate.connect(on_invalid_cert_outer);
             } catch (Error e) {
                 stderr.printf("Failed to start TLS: %s\n", e.message);
             }