TakeV/dino
1
0
Fork 0
mirror of https://github.com/TakeV-Lambda/dino.git synced 2024-09-30 22:45:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
dino/xmpp-vala/src/core/tls_xmpp_stream.vala
fiaxh 81a5505270 Allow certificates from unknown CAs from .onion domains 
It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently though TOR.

see #958
2020-12-31 19:04:02 +01:00

25 lines
1 KiB
Vala
Raw Blame History

public abstract class Xmpp.TlsXmppStream : IoXmppStream {
public TlsCertificateFlags? errors;
public delegate bool OnInvalidCert(GLib.TlsConnection conn, GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors);
protected TlsXmppStream(Jid remote_name) {
base(remote_name);
}
protected bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
this.errors = errors;
string error_str = "";
foreach (var f in new TlsCertificateFlags[]{TlsCertificateFlags.UNKNOWN_CA, TlsCertificateFlags.BAD_IDENTITY,
TlsCertificateFlags.NOT_ACTIVATED, TlsCertificateFlags.EXPIRED, TlsCertificateFlags.REVOKED,
TlsCertificateFlags.INSECURE, TlsCertificateFlags.GENERIC_ERROR, TlsCertificateFlags.VALIDATE_ALL}) {
if (f in errors) {
error_str += @"$(f), ";
}
}
warning(@"[%p, %s] Tls Certificate Errors: %s", this, this.remote_name, error_str);
return false;
}
}
Reference in a new issue View git blame Copy permalink