mirror of
https://github.com/TakeV-Lambda/dino.git
synced 2024-09-30 22:45:51 +00:00
81a5505270
It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently through TOR. See #958
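/**
 * Abstract XMPP stream base that adds handling of TLS certificate
 * validation errors on top of {@link IoXmppStream}.
 *
 * The default reaction to an invalid peer certificate is to record the
 * errors, log them and return false.
 */
public abstract class Xmpp.TlsXmppStream : IoXmppStream {

    /**
     * Validation errors reported for the peer certificate.
     *
     * Within this class it is only assigned by {@link on_invalid_certificate},
     * so it stays null until that method has been called.
     */
    public TlsCertificateFlags? errors;

    /**
     * Callback type for deciding what to do with a peer certificate that
     * failed validation.
     *
     * NOTE(review): the call sites are not visible here; presumably a true
     * return accepts the certificate despite //errors// -- confirm. If so, an
     * implementation that returns true gives up TLS peer authentication for
     * that connection and should only do so when the peer is authenticated
     * by some other means.
     *
     * @param conn the TLS connection the certificate was presented on
     * @param peer_cert the certificate presented by the peer
     * @param errors the validation failures found for //peer_cert//
     */
    public delegate bool OnInvalidCert(GLib.TlsConnection conn, GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors);

    /**
     * Chains up to the base stream with the remote name.
     *
     * @param remote_name passed unchanged to the base constructor
     */
    protected TlsXmppStream(Jid remote_name) {
        base(remote_name);
    }

    /**
     * Default handler for a peer certificate that failed validation.
     *
     * Stores //errors// in {@link errors}, logs one warning naming every flag
     * that is set, and returns false.
     *
     * NOTE(review): presumably false means "do not accept the certificate",
     * as for GLib.TlsConnection.accept_certificate -- confirm in the
     * subclasses that call this.
     *
     * @param peer_cert the certificate presented by the peer (not inspected here)
     * @param errors the validation failures found for //peer_cert//
     * @return always false
     */
    protected bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
        this.errors = errors;

        // VALIDATE_ALL is listed last; `in` tests that all bits of the flag
        // are present, so a multi-bit mask only matches when each bit is set.
        TlsCertificateFlags[] known_flags = {
            TlsCertificateFlags.UNKNOWN_CA, TlsCertificateFlags.BAD_IDENTITY,
            TlsCertificateFlags.NOT_ACTIVATED, TlsCertificateFlags.EXPIRED, TlsCertificateFlags.REVOKED,
            TlsCertificateFlags.INSECURE, TlsCertificateFlags.GENERIC_ERROR, TlsCertificateFlags.VALIDATE_ALL
        };

        var error_str = new StringBuilder();
        foreach (var f in known_flags) {
            if (f in errors) {
                error_str.append(@"$(f), ");
            }
        }

        // `%s` needs a string. The constructor receives remote_name as a Jid,
        // so it is converted explicitly instead of being handed to the
        // varargs call as an object (assumes the inherited remote_name field
        // holds that Jid -- TODO confirm against IoXmppStream).
        warning(@"[%p, %s] Tls Certificate Errors: %s", this, this.remote_name.to_string(), error_str.str);
        return false;
    }
}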