aboutsummaryrefslogtreecommitdiff
path: root/xmpp-vala/src/module/tls.vala
diff options
context:
space:
mode:
Diffstat (limited to 'xmpp-vala/src/module/tls.vala')
-rw-r--r--xmpp-vala/src/module/tls.vala15
1 files changed, 15 insertions, 0 deletions
diff --git a/xmpp-vala/src/module/tls.vala b/xmpp-vala/src/module/tls.vala
index 7118a321..f2d58d32 100644
--- a/xmpp-vala/src/module/tls.vala
+++ b/xmpp-vala/src/module/tls.vala
@@ -4,6 +4,7 @@ namespace Xmpp.Tls {
public class Module : XmppStreamNegotiationModule {
public static ModuleIdentity<Module> IDENTITY = new ModuleIdentity<Module>(NS_URI, "tls_module");
+ public signal void invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors);
public bool require { get; set; default = true; }
public bool server_supports_tls = false;
public bool server_requires_tls = false;
@@ -27,6 +28,7 @@ namespace Xmpp.Tls {
var conn = TlsClientConnection.new(io_stream, identity);
stream.reset_stream(conn);
+ conn.accept_certificate.connect(on_invalid_certificate);
var flag = stream.get_flag(Flag.IDENTITY);
flag.peer_certificate = conn.get_peer_certificate();
flag.finished = true;
@@ -56,6 +58,19 @@ namespace Xmpp.Tls {
}
}
+ public static bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
+ string error_str = "";
+ foreach (var f in new TlsCertificateFlags[]{TlsCertificateFlags.UNKNOWN_CA, TlsCertificateFlags.BAD_IDENTITY,
+ TlsCertificateFlags.NOT_ACTIVATED, TlsCertificateFlags.EXPIRED, TlsCertificateFlags.REVOKED,
+ TlsCertificateFlags.INSECURE, TlsCertificateFlags.GENERIC_ERROR, TlsCertificateFlags.VALIDATE_ALL}) {
+ if (f in errors) {
+ error_str += @"$(f), ";
+ }
+ }
+ warning(@"Tls Certificate Errors: $(error_str)");
+ return false;
+ }
+
public override bool mandatory_outstanding(XmppStream stream) {
return require && (!stream.has_flag(Flag.IDENTITY) || !stream.get_flag(Flag.IDENTITY).finished);
}