aboutsummaryrefslogtreecommitdiff
path: root/libdino/src/service/connection_manager.vala
diff options
context:
space:
mode:
Diffstat (limited to 'libdino/src/service/connection_manager.vala')
-rw-r--r--libdino/src/service/connection_manager.vala14
1 files changed, 13 insertions, 1 deletions
diff --git a/libdino/src/service/connection_manager.vala b/libdino/src/service/connection_manager.vala
index 40cd21d4..3ea6386b 100644
--- a/libdino/src/service/connection_manager.vala
+++ b/libdino/src/service/connection_manager.vala
@@ -196,7 +196,9 @@ public class ConnectionManager : Object {
connection_directly_retry[account] = false;
change_connection_state(account, ConnectionState.CONNECTING);
- stream_result = yield Xmpp.establish_stream(account.bare_jid, module_manager.get_modules(account, resource), log_options);
+ stream_result = yield Xmpp.establish_stream(account.bare_jid, module_manager.get_modules(account, resource), log_options,
+ (_, peer_cert, errors) => { return on_invalid_certificate(account.domainpart, peer_cert, errors); }
+ );
connections[account].stream = stream_result.stream;
connection_ongoing[account] = false;
@@ -368,6 +370,16 @@ public class ConnectionManager : Object {
connection_errors[account] = error;
connection_error(account, error);
}
+
+ public static bool on_invalid_certificate(string domain, TlsCertificate peer_cert, TlsCertificateFlags errors) {
+ if (domain.has_suffix(".onion") && errors == TlsCertificateFlags.UNKNOWN_CA) {
+ // It's barely possible for .onion servers to provide a non-self-signed cert.
+ // But that's fine because encryption is provided independently though TOR.
+ warning("Accepting TLS certificate from unknown CA from .onion address %s", domain);
+ return true;
+ }
+ return false;
+ }
}
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-05 23:17:47 +0000