From 81a55052707d460a7f437b664682817c2c99dce6 Mon Sep 17 00:00:00 2001
From: fiaxh
Date: Thu, 31 Dec 2020 19:00:54 +0100
Subject: Allow certificates from unknown CAs from .onion domains It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently though TOR. see #958
---
 xmpp-vala/src/core/tls_xmpp_stream.vala | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'xmpp-vala/src/core/tls_xmpp_stream.vala')
diff --git a/xmpp-vala/src/core/tls_xmpp_stream.vala b/xmpp-vala/src/core/tls_xmpp_stream.vala
index 956a9a22..f47b3c80 100644
--- a/xmpp-vala/src/core/tls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/tls_xmpp_stream.vala
@@ -2,6 +2,12 @@ public abstract class Xmpp.TlsXmppStream : IoXmppStream {
 public TlsCertificateFlags? errors;
+ public delegate bool OnInvalidCert(GLib.TlsConnection conn, GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors);
+
+ protected TlsXmppStream(Jid remote_name) {
+ base(remote_name);
+ }
+
 protected bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
 this.errors = errors;
@@ -13,7 +19,7 @@ public abstract class Xmpp.TlsXmppStream : IoXmppStream {
 error_str += @"$(f), ";
 }
 }
- warning(@"Tls Certificate Errors: $(error_str)");
+ warning(@"[%p, %s] Tls Certificate Errors: %s", this, this.remote_name, error_str);
 return false;
 }
 }
\ No newline at end of file
--
cgit v1.2.3-54-g00ecf
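Review bot: The `OnInvalidCert` delegate added at the top of the class has no doc comment saying what its `bool` result means, and for a certificate-validation hook that return value is the whole security contract. It presumably follows GLib's `accept_certificate` convention, where `true` accepts the peer certificate despite the reported errors, so I would document it, e.g. `/** Return true only to accept peer_cert despite errors; implementations should tolerate just the flags they intend (such as UNKNOWN_CA) and return false when any other flag is set. */`. The handler that applies the .onion exception is not in this file, so whether it limits itself to `TlsCertificateFlags.UNKNOWN_CA` cannot be confirmed from this hunk. The class body continues outside the hunk.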
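Review bot: In the new `warning(...)` call, `this.remote_name` is passed to a `%s` conversion, but the constructor added in the first hunk takes `Jid remote_name`, so the field is presumably a `Jid` object rather than a string; handing an object pointer to `%s` on the certificate-error path can print garbage or crash exactly when a bad certificate is seen. I would convert it explicitly and drop the `@` prefix, since the template contains no `$(...)` expression: `warning("[%p, %s] Tls Certificate Errors: %s", this, this.remote_name.to_string(), error_str);`. The field's declaration is in the base class outside this diff, so confirm its type before applying. `on_invalid_certificate` starts in the previous hunk and the loop building `error_str` is outside both.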