From 6d947c42b5e573cb350a1354a47a3a806a22cbb2 Mon Sep 17 00:00:00 2001
From: fiaxh <git@mx.ax.lt>
Date: Sat, 15 Sep 2018 16:11:05 +0200
Subject: Notification on TLS error/wrong password, log TLS cert issues, don't
 make account with connection error appear disabled in accounts dialog

---
 xmpp-vala/src/module/tls.vala | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'xmpp-vala/src/module/tls.vala')

diff --git a/xmpp-vala/src/module/tls.vala b/xmpp-vala/src/module/tls.vala
index 7118a321..f2d58d32 100644
--- a/xmpp-vala/src/module/tls.vala
+++ b/xmpp-vala/src/module/tls.vala
@@ -4,6 +4,7 @@ namespace Xmpp.Tls {
     public class Module : XmppStreamNegotiationModule {
         public static ModuleIdentity<Module> IDENTITY = new ModuleIdentity<Module>(NS_URI, "tls_module");
 
+        public signal void invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors);
         public bool require { get; set; default = true; }
         public bool server_supports_tls = false;
         public bool server_requires_tls = false;
@@ -27,6 +28,7 @@ namespace Xmpp.Tls {
                     var conn = TlsClientConnection.new(io_stream, identity);
                     stream.reset_stream(conn);
 
+                    conn.accept_certificate.connect(on_invalid_certificate);
                     var flag = stream.get_flag(Flag.IDENTITY);
                     flag.peer_certificate = conn.get_peer_certificate();
                     flag.finished = true;
@@ -56,6 +58,19 @@ namespace Xmpp.Tls {
             }
         }
 
+        public static bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
+            string error_str = "";
+            foreach (var f in new TlsCertificateFlags[]{TlsCertificateFlags.UNKNOWN_CA, TlsCertificateFlags.BAD_IDENTITY,
+                    TlsCertificateFlags.NOT_ACTIVATED, TlsCertificateFlags.EXPIRED, TlsCertificateFlags.REVOKED,
+                    TlsCertificateFlags.INSECURE, TlsCertificateFlags.GENERIC_ERROR, TlsCertificateFlags.VALIDATE_ALL}) {
+                if (f in errors) {
+                    error_str += @"$(f), ";
+                }
+            }
+            warning(@"Tls Certificate Errors: $(error_str)");
+            return false;
+        }
+
         public override bool mandatory_outstanding(XmppStream stream) {
             return require && (!stream.has_flag(Flag.IDENTITY) || !stream.get_flag(Flag.IDENTITY).finished);
         }
-- 
cgit v1.2.3-54-g00ecf