From 6d947c42b5e573cb350a1354a47a3a806a22cbb2 Mon Sep 17 00:00:00 2001
From: fiaxh
Date: Sat, 15 Sep 2018 16:11:05 +0200
Subject: Notification on TLS error/wrong password, log TLS cert issues, don't make account with connection error appear disabled in accounts dialog
---
 xmpp-vala/src/module/tls.vala | 15 +++++++++++++++
 xmpp-vala/src/module/xep/0368_srv_records_tls.vala | 5 +++--
 2 files changed, 18 insertions(+), 2 deletions(-)
(limited to 'xmpp-vala/src/module')
diff --git a/xmpp-vala/src/module/tls.vala b/xmpp-vala/src/module/tls.vala
index 7118a321..f2d58d32 100644
--- a/xmpp-vala/src/module/tls.vala
+++ b/xmpp-vala/src/module/tls.vala
@@ -4,6 +4,7 @@ namespace Xmpp.Tls {
 public class Module : XmppStreamNegotiationModule {
 public static ModuleIdentity IDENTITY = new ModuleIdentity(NS_URI, "tls_module");
+ public signal void invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors);
 public bool require { get; set; default = true; }
 public bool server_supports_tls = false;
 public bool server_requires_tls = false;
@@ -27,6 +28,7 @@ namespace Xmpp.Tls {
 var conn = TlsClientConnection.new(io_stream, identity);
 stream.reset_stream(conn);
+ conn.accept_certificate.connect(on_invalid_certificate);
 var flag = stream.get_flag(Flag.IDENTITY);
 flag.peer_certificate = conn.get_peer_certificate();
 flag.finished = true;
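Review bot: The `invalid_certificate` signal declared in the first hunk of tls.vala has no emitter anywhere in this patch. The only code wired to `accept_certificate` is `on_invalid_certificate` (third hunk of this file), and because that method is `static` it cannot emit an instance signal, so a subscriber would never be told about a rejected certificate. Either drop the declaration, or route the rejection through an instance handler that calls `invalid_certificate(peer_cert, errors);` before `return false;`. If the signal stays, a doc comment such as `/** Emitted when the peer certificate fails validation; the connection is rejected regardless of handlers. */` would make clear that it is informational only.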
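Review bot: In the second hunk of tls.vala the handler is connected after `stream.reset_stream(conn)`, so if `reset_stream` reads from or writes to the new connection, the TLS handshake and its `accept_certificate` emission may run before anything is listening. `reset_stream` is not visible here, so that ordering risk is inferred. Moving `conn.accept_certificate.connect(on_invalid_certificate);` to directly after the `TlsClientConnection.new(io_stream, identity)` line removes the dependency. Separately, `conn.get_peer_certificate()` only returns a certificate once the handshake has completed or failed, so `flag.peer_certificate` may be stored as null at this point. The enclosing method starts and ends outside the hunk.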
@@ -56,6 +58,19 @@ namespace Xmpp.Tls {
 }
 }
+ public static bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
+ string error_str = "";
+ foreach (var f in new TlsCertificateFlags[]{TlsCertificateFlags.UNKNOWN_CA, TlsCertificateFlags.BAD_IDENTITY,
+ TlsCertificateFlags.NOT_ACTIVATED, TlsCertificateFlags.EXPIRED, TlsCertificateFlags.REVOKED,
+ TlsCertificateFlags.INSECURE, TlsCertificateFlags.GENERIC_ERROR, TlsCertificateFlags.VALIDATE_ALL}) {
+ if (f in errors) {
+ error_str += @"$(f), ";
+ }
+ }
+ warning(@"Tls Certificate Errors: $(error_str)");
+ return false;
+ }
+
 public override bool mandatory_outstanding(XmppStream stream) {
 return require && (!stream.has_flag(Flag.IDENTITY) || !stream.get_flag(Flag.IDENTITY).finished);
 }
diff --git a/xmpp-vala/src/module/xep/0368_srv_records_tls.vala b/xmpp-vala/src/module/xep/0368_srv_records_tls.vala
index 8da8ba0c..87c8e433 100644
--- a/xmpp-vala/src/module/xep/0368_srv_records_tls.vala
+++ b/xmpp-vala/src/module/xep/0368_srv_records_tls.vala
@@ -37,9 +37,10 @@ public class TlsConnectionProvider : ConnectionProvider {
 SocketClient client = new SocketClient();
 try {
 IOStream? io_stream = yield client.connect_to_host_async(srv_target.get_hostname(), srv_target.get_port());
- io_stream = TlsClientConnection.new(io_stream, new NetworkAddress(stream.remote_name.to_string(), srv_target.get_port()));
+ TlsConnection tls_connection = TlsClientConnection.new(io_stream, new NetworkAddress(stream.remote_name.to_string(), srv_target.get_port()));
+ tls_connection.accept_certificate.connect(Tls.Module.on_invalid_certificate);
 stream.add_flag(new Tls.Flag() { finished=true });
- return io_stream;
+ return tls_connection;
 } catch (Error e) {
 return null;
 }
-- 
cgit v1.2.3-54-g00ecf
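Review bot: `warning()` is printf-style, and `warning(@"Tls Certificate Errors: $(error_str)")` in `on_invalid_certificate` passes the interpolated string as the format. The flag names contain no `%` today, but `warning("Tls Certificate Errors: %s", error_str);` stops the call depending on what is interpolated. The flag array also lists `TlsCertificateFlags.VALIDATE_ALL`, which is the mask of all flags rather than a single error, so it is only appended when every bit is set and can be dropped. Since the unconditional `return false;` is what keeps a failed certificate rejected, I would put a comment above it: `// Logging only: never return true here, that would accept a certificate that failed validation.`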
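Review bot: No handshake is started in the visible part of this `try` block in 0368_srv_records_tls.vala, so a certificate rejected by `Tls.Module.on_invalid_certificate` will presumably not fail here. It would surface later as an I/O error on the first read or write of the returned connection, after `Tls.Flag` has already been added with `finished=true`. If the rejection is meant to be handled at this point, an explicit `yield tls_connection.handshake_async(Priority.DEFAULT);` before `stream.add_flag(...)` would bring it into this block. The `catch (Error e)` should then log `e.message` rather than return null silently, because a bare null does not let the caller tell a certificate failure from an unreachable host. The enclosing method starts and ends outside the hunk.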