From 81a55052707d460a7f437b664682817c2c99dce6 Mon Sep 17 00:00:00 2001
From: fiaxh
Date: Thu, 31 Dec 2020 19:00:54 +0100
Subject: Allow certificates from unknown CAs from .onion domains It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently though TOR. see #958
---
 xmpp-vala/src/core/direct_tls_xmpp_stream.vala | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'xmpp-vala/src/core/direct_tls_xmpp_stream.vala')
diff --git a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
index 1d2f7339..1c262598 100644
--- a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
@@ -2,11 +2,13 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
 string host;
 uint16 port;
+ TlsXmppStream.OnInvalidCert on_invalid_cert_outer;
- public DirectTlsXmppStream(Jid remote, string host, uint16 port) {
- this.remote_name = remote;
+ public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, TlsXmppStream.OnInvalidCert on_invalid_cert) {
+ base(remote_name);
 this.host = host;
 this.port = port;
+ this.on_invalid_cert_outer = on_invalid_cert;
 }
 public override async void connect() throws IOStreamError {
@@ -15,10 +17,11 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
 debug("Connecting to %s %i (tls)", host, port);
 IOStream? io_stream = yield client.connect_to_host_async(host, port);
 TlsConnection tls_connection = TlsClientConnection.new(io_stream, new NetworkAddress(remote_name.to_string(), port));
- #if ALPN_SUPPORT
+#if ALPN_SUPPORT
 tls_connection.set_advertised_protocols(new string[]{"xmpp-client"});
- #endif
+#endif
 tls_connection.accept_certificate.connect(on_invalid_certificate);
+ tls_connection.accept_certificate.connect(on_invalid_cert_outer);
 reset_stream(tls_connection);
 yield setup();
--
cgit v1.2.3-54-g00ecf
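Review bot: The constructor stores the `on_invalid_cert` delegate parameter in the `on_invalid_cert_outer` field without taking ownership of it. Vala delegate parameters are unowned by default, so if `OnInvalidCert` carries a target (its declaration is outside this diff), the closure data may be released while the stream still holds the callback that decides certificate acceptance. Consider declaring the parameter as `owned TlsXmppStream.OnInvalidCert on_invalid_cert` and assigning `this.on_invalid_cert_outer = (owned) on_invalid_cert;`. A doc comment on the constructor should also state that a `true` return from this callback accepts a certificate that failed validation.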
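Review bot: Connecting `on_invalid_cert_outer` as a second `accept_certificate` handler means the certificate is accepted as soon as either handler returns true, whatever `TlsCertificateFlags` are set, not only for an unknown CA. The .onion policy lives in the caller and is not visible here; it should accept only when the errors are exactly `TlsCertificateFlags.UNKNOWN_CA`. It is also worth confirming that `host`, the address actually dialled, is the onion endpoint, because the TLS identity is built from `remote_name` and an exemption keyed on the JID domain alone would presumably also cover a non-onion `host`. A comment above the new line such as `// Caller policy: may accept a cert the built-in check rejected (unknown CA on .onion)` would make the override explicit. The body of connect() starts and ends outside the hunk.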