From 81a55052707d460a7f437b664682817c2c99dce6 Mon Sep 17 00:00:00 2001 From: fiaxh Date: Thu, 31 Dec 2020 19:00:54 +0100 Subject: Allow certificates from unknown CAs from .onion domains It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently though TOR. see #958 --- xmpp-vala/src/core/starttls_xmpp_stream.vala | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'xmpp-vala/src/core/starttls_xmpp_stream.vala') diff --git a/xmpp-vala/src/core/starttls_xmpp_stream.vala b/xmpp-vala/src/core/starttls_xmpp_stream.vala index 3df0dffb..401d7295 100644 --- a/xmpp-vala/src/core/starttls_xmpp_stream.vala +++ b/xmpp-vala/src/core/starttls_xmpp_stream.vala @@ -4,11 +4,13 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream { string host; uint16 port; + TlsXmppStream.OnInvalidCert on_invalid_cert_outer; - public StartTlsXmppStream(Jid remote, string host, uint16 port) { - this.remote_name = remote; + public StartTlsXmppStream(Jid remote, string host, uint16 port, TlsXmppStream.OnInvalidCert on_invalid_cert) { + base(remote); this.host = host; this.port = port; + this.on_invalid_cert_outer = on_invalid_cert; } public override async void connect() throws IOStreamError { @@ -40,6 +42,7 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream { reset_stream(conn); conn.accept_certificate.connect(on_invalid_certificate); + conn.accept_certificate.connect(on_invalid_cert_outer); } catch (Error e) { stderr.printf("Failed to start TLS: %s\n", e.message); } -- cgit v1.2.3-54-g00ecf